Re: Pentest Letter of Achievement/Certificate

From: R. DuFresne (dufresne@sysinfo.com)
Date: Wed Jul 13 2005 - 17:26:20 EDT

• Next message: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Previous message: Mark Teicher: "Re: Pentest Letter of Achievement/Certificate"
• In reply to: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Next in thread: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Reply: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Isn;t the final report pentesters report what is being asked for here?(0)
Or are companies really hung up on and seeking gold stars to post in public
areas and at the bottom of stationary? Kinda like the certifications that
M$ got for NT back in the late 90's I guess, meaningless in any env other
then the single system they had tested....

Thanks,

Ron DuFresne

(0) in most cases that pentesters report is likely to be backed with the
corp documentation showing how they mitigated the issues found during the
pentest. Afterall, few companeis should ever comeout of a thourough
penttest unscathed. So they document how they corrected what was
discerovered, and perhaps have another outside party verify the
'corrections'. but gold starts and report cards, or neat little
certificates in frames? <shakes his head>

On Tue, 12 Jul 2005, John Kinsella wrote:

> I think http://www.isecom.org/osstmm/ might cover what you're looking
> for...
>
> John
>
> On Tue, Jul 12, 2005 at 10:52:42PM +0200, blowfish 448 wrote:
>> Hi,
>>
>> any of you know if any 'standards' or accepted guidelines exist for a
>> letter or certification
>> of succesfull resistance to Penetration Testing/Vulnerability Assessment.
>> Customers often
>> demand to have a proof delivered by their Penetration Test service provider
>> to show to their
>> partners and customers.
>>
>> The idea of course is not to disclose sensitive information but to briefly
>> describe
>> the environment tested and how - according to which methodologies and the
>> attack vectors
>> tested for.
>>
>>
>> Thanks in advance
>>
>>
>

- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC1Yb/st+vzJSwZikRAilGAKDCOxyj3Fox77OhX21BgmkC7I1r3QCgxPYB
6R+l1D8nti84/RaOEfoUE5c=
=aHj2
-----END PGP SIGNATURE-----

• Next message: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Previous message: Mark Teicher: "Re: Pentest Letter of Achievement/Certificate"
• In reply to: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Next in thread: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Reply: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:33 EDT